Hi all, so I'm working on this terminal server, and clients need to be able to print to their local printers. Should be simple with 2008 and printer redirection right? Wrong. Any printer installed on the server works fine, both for admins and users, however redirected printers don't work, regardless of who's logged in. Error logs show a print error with "Access Denied" every time I try to print to a redirected printer. I followed a bunch of post that talk about giving permissions on the Spool folder but to no avail. Regardless that can't be the issue because users can print to installed printers no problem, and admins have the same problem. The clients logging in are not part of the domain, could that be the issue? Does it make sense that I'd have to give permissions on the Clients? What else could be the issue here?

P.s. There are some pretty draconian GPO settings, but those apply just to a "Remote Users" OU, so I don't see why that should affect admins or users in other OU's. Or could it?

So over the weekend I managed to get it working, although I'm not exactly sure what did it. After demoting the server and messing with a few other stuff I went back to permissions on the Spool folder. This time I made sure to "Replace all child object permissions..." I'm not sure if I tried that the first time around - could be I added an entry for Everyone and thought it'd work on everything below it. So I don't know if it was demoting THEN replacing perms or if simply replacing perms would have worked.

Most of that is talking about permissions. Again, printers installed on the server work fine. So users definitely have good access to the Spooler.The only thing that may be relevant there is the fact that I'm using the TS as a DC as well. I know it's not recommended but this is the only server in the business. I'm in the process of installing VMware so I can virtualize the DC and have it separate. I'll see if there's any change after demoting this server..

Let me make sure I understand fully. The client remoting into your TS is the only one attempting to print to the redirected printer. What I mean is, another TS user cannot print to a redirected printer that came along with a different TS user. (correct me if i'm wrong) I believe that the redirected printer is only available to the user from the client workstation.

The settings of those draconian GPOS's linked to your remote users-ou should be studied. imo

We had to specifically deny printer redirection (via policy) for TS sessions because of the support costs.

Is the Print Management role installed on the TS? (is the TS a print server?) -not overly relevant.

The Remote Desktop Easy Print driver is the default driver for redirected printers. If that driver fails to function the TS attempts to use a print driver that is available on the TS.

With the clients logging in not being domain member, that's not the issue. My poor terminal servers learned that the hard way.

The only experience I've had with ts redirected printers has been to support a VERY short list of users that have permission to remote connect to an isolated (by OU) TS that allows, or more correctly stated- not disallowing, this type of printer redirection.

When I look at security effective perms for administrator on a printer installed on the server I see full permissions, however when I check effective for admin on a redirected printer I get nothing (attached). That normal?

So over the weekend I managed to get it working, although I'm not exactly sure what did it. After demoting the server and messing with a few other stuff I went back to permissions on the Spool folder. This time I made sure to "Replace all child object permissions..." I'm not sure if I tried that the first time around - could be I added an entry for Everyone and thought it'd work on everything below it. So I don't know if it was demoting THEN replacing perms or if simply replacing perms would have worked.

However, 1 user (so far), creates a VPN connection, then connects to some terminal server outside of our network (I don't have it under my control). (termninal server X)The printers deployed via GPO are redirected onto the terminal server.when printing from that terminal server, the document goes into the queue, and is processed fine.If I then minimize the terminal server session, the document is stuck on the user's local machine with the error: access denied.

I'm clueless..I also saw a ton of topics which said you have to change the permissions on the spool folder, but that's just retarded..After a few hours of troubleshooting I eventually tried that, but didn't make any difference..

The strange thing is that it did work when the same printer was installed via the 2003 r2 server..

any ideas?Basically it's the same issue as ben9691 had, but I just need to know how he fixed it :)

*** EDIT ***

Just tested with logging into 2 other terminal servers (A and B), and there it is actually working..So you'd say it's related to terminal server X, because its working perfect on terminal server A and B, both other terminal servers from other customers.

However, how do you then explain that, printing with a redirected printer from the 2003 r2 on terminal server X, does work?

*** EDIT ***

Found the issue: the server from the other company has installed DC role and TS role on the machine.there's is cmd you can run and reboot the server that SHOULD fix the issue, I'm waiting on their IT guy to apply the cmd and reboot the server, but it's very likely that's the issue...